Storing md5 hash of a password in database and comparing it$userName=strip_tag

1. Storing md5 hash of a password in database and comparing it
2. $userName=strip_tags($userName);
3. $pass=strip_tags($pass);
4.  
5. $userName= htmlentities($userName, ENT_QUOTES, 'UTF-8');
6. $pass= htmlentities($pass, ENT_QUOTES, 'UTF-8');
7.  
8.  
9. $userName=mysql_real_escape_string($userName);
10. $pass=mysql_real_escape_string($pass);
11.  
12.  
13. $salt = 'SHIFLETT';
14. $password_hash = md5($salt . md5($pass.$salt));
15.  
16. function validateLogin($user_name, $pass)
17. {
18. $userName=strip_tags($userName);
19. $pass=strip_tags($pass);
20.  
21. $userName= htmlentities($userName, ENT_QUOTES, 'UTF-8');
22. $pass= htmlentities($pass, ENT_QUOTES, 'UTF-8');
23.  
24.  
25. $userName=mysql_real_escape_string($userName);
26. $pass=mysql_real_escape_string($pass);
27.  
28.  
29. $salt = 'SHIFLETT';
30. $password_hash = md5($salt . md5($pass.$salt));
31.  
32. $result=mysql_query("SELECT COUNT(*) AS Result FROM users WHERE user_name='$user_name' AND pass='$password_hash'");
33.  
34. mysql_close();
35.  
36. if($row=mysql_fetch_array($result))
37. {
38. if($row['Result']>0)
39. {
40. echo "Login successful";
41. }
42. else
43. {
44. echo "Login unsuccessful";
45. }
46. }
47. }
48.  
49. function hashPassword($str)
50. {
51. return hash("sha512", $str . "salt");
52. }
53.  
54. $password_hash = hashPassword($_POST['password']);
55. $username = mysql_real_escape_string($_POST['username']);
56.  
57. mysql> create table users (
58. -> id int primary key auto_increment,
59. -> username varchar(20),
60. -> password char(128));
61.  
62. $check = "select id from users where username = '$username' and password = '$password_hash'";
63. $result = mysql_query($check);
64.  
65. if(mysql_num_rows($result))
66. {
67. echo "<p>Login was successful!</p>n";
68. }
69.  
70. $pass=mysql_real_escape_string($pass);